BREAKING CHANGE: The `hydra keys create|delete|get|import` commands have changed to follow other Ory project's guidelines, including structured output and improved handling. They are now:
```
hydra create jwks
hydra get jwks
hydra delete jwks
hydra import jwk
```
Please head over to the documentation for more information or use the `--help` CLI flag for each command.
BREAKING CHANGE: HTTP endpoint `/oauth2/flush`, used to flush inactive access token was deprecated and has been removed. Please use `hydra janitor` instead.
BREAKING CHANGE: To improve security and scalability (in particular sharding), OAuth 2.0 Client IDs can no longer be chosen but are always assigned a random generated UUID V4. OAuth 2.0 Clients created with custom IDs before the v2.0 release will continue working with their legacy Client ID in Ory Hydra v2.x.
Additionally, the `hydra create client` command no longer supports flag `--id` and flag `--callbacks` has been renamed to `--redirect-uris`.
Closes#2911
This change introduces support for Hardware Security Modules, a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions.
If enabled, the Hardware Security Module is used to look up any keys. If no key is found, the software module is used as a fallback for lookup. This allows you to use the HSM for privileged keys, and the software module to manage lifecycle keys (e.g. for Token Exchange).
For more information, please [read the guide](https://www.ory.sh/hydra/docs/next/guides/hsm-support).
Thank you to [aarmam](https://github.com/aarmam) for this great contribution!
Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com>
This patch resolves various table growth issues caused by expired/inactive login and consent flows never being purged from the database.
You may now use the new `hydra janitor` command to remove access & refresh tokens and login & consent requests which are no longer valid or used. The command follows the `notAfter` safe-guard approach to ensure records needed to be kept are not deleted.
To learn more, please use `hydra help janitor`.
This patch phases out the `/oauth2/flush` endpoint as the janitor is better suited for background tasks, is easier to run in a targeted fashion (e.g. as a singleton job), and does not cause HTTP timeouts.
Closes#1574
This patch significantly refactors internal configuration and service management with the goal of making configuration changes possible without service restarts. This patch prepares the possibility to configure ORY Hydra from a remote source (etcd, consul) and watch for changes. This patch also introduces the possibility to configure ORY Hydra from a configuration file on top of environment variables.
The following issues have been fixed as well:
- Key rotation of the system secret is now much simpler (closes#1316)
- Database connectivity parameters such as max_conns no longer cause issues with older postgres versions (closes#1327)
- Non-existing routes now return a JSON error instead of `text/plain` when `application/json` was requested (clsoes #1244)
- We now push tags latest, X, X.Y, X.Y.Z to docker hub (closes#1289)
- The quickstart guide no longer builds the source code but instead pulls latest tag (closes#1309)
- We moved to goreleaser and godownloader for release management (closes#1107)
- The quickstart Docker Compose files are now reusable (closes#1196)
The following issues are also resolved:
- Closes#1121
Signed-off-by: aeneasr <aeneas@ory.sh>
This patch introduces two ports, public and administrative. The public
port is responsible for handling API requests to public endpoints such
as /oauth2/auth, while the administrative port handles requests to
JWK, OAuth 2.0 Client, and Login & Consent endpoints.
Closes#904
Signed-off-by: arekkas <aeneas@ory.am>
This patch deprecates the `hydra connect` command as internal
access control has been removed from ORY Hydra and this command
no longer serves any purpose.
Instead, all commands are supplied with environment variables `HYDRA_URL`,
`OAUTH2_CLIENT_ID`, `OAUTH2_CLIENT_SECRET`, `OAUTH2_ACCESS_TOKEN`.
Please check out `hydra help <command>` for usage instructions. You
should also check out the upgrade guide for more detailed upgrade instructions.
This patch also renames some flags and command names which have been
documented in the upgrade guide.
Closes#841Closes#840
This patch makes significant changes to the consent flow. First,
the consent flow is being renamed to "User Login and Consent Flow"
and is split into two redirection flows, the "User Login Redirection Flow"
and the "User Consent Flow".
Conceptually, not a lot has changed but the APIs have been cleaned up
and the new flow is a huge step towards OpenID Connect Certification.
Besides easier implementation on the (previously known as) consent app,
this patch introduces a new set of features which lets ORY Hydra
detect previous logins and previously accepted consent requests. In turn,
the user does not need to login or consent on every OAuth2 Authorize Code
Flow.
This patch additionally lays the foundation for revoking tokens per
user or per user and client.
Awesome.
Closes#771Closes#772
We have learned a lot over the last year in terms of how ORY Hydra is being used. Initially, we wanted to avoid the problems facing popular databases like MongoDB or others, which did not include authentication for their management APIs.
For this reason, the Warden API was born and primarily used internally and exposed via HTTP. We learned that access control policies are well received, but also add additional complexity to understanding the software. While we firmly believe that these policies implement best practices for access control in complex systems, we do understand that they add a barrier to getting started with ORY Hydra.
For this reason we are planning on moving the Warden API from this project to ORY Oathkeeper or potentially it's own server. We would add a migration path for existing policy definitions to the new service. The default docker image would combine the services in such a way, that ORY Hydra is protected. We would additionally have an (insecure) docker image without authentication which can be used for testing.
This also opens up the possibility of having more access control mechanisms than access control policies. For example, we can add ACL and RBAC and other mechanisms too.
First I think it makes good sense to move this functionality into a separate service and remove the warden calls internally completely. The reason being that not everyone wants to rely on Hydra's access control. Sometimes it's enough to use a gateway in front and require e.g. an API key for management or whatever. New adopters are always baffled by complexity involved with policies and scopes. Removing that from the core could really help. The user survey has also shown that this stuff is quite complex to grasp.
The idea is to have a separate service which is basically ladon as a HTTP API. I think it makes sense to add some functionality to resolve access tokens so it would basically be very similar to the current warden API - probably even equal. There would definitely be some backup mode where hydra's database tables and migrations are used as to make migration as easy as possible.
Then, we would ship docker images and example set ups where different configurations are shown. One of the configurations would be the current one, so basically what we have now in hydra but with the three services combined in one image.
Closes#807
Previously, no way of removing old access tokens from the database.
This patch adds a new endpoint (`POST /oauth2/flush`) capable of
flushing old / stale access tokens.
Additionally, `hydra token flush` was added which is the CLI command
for flushing tokens using the api.
Closes#738
* oauth2: scopes should be separated by %20 and not +, to ensure javascript compatibility - closes#277
* oauth2/introspect: make endpoint rfc7662 compatible - closes#289
* warden: make it clear that ladon.Request.Subject is not required or break bc and remove it - closes#270
* travis: execute gox build only when new commit is a new tag - closes#285
* docs: improve introduction (#267)
* core: (health) monitoring endpoint - closes#216
* oauth2/introspect: make endpoint rfc7662 compatible - closes#289
* connections: remove connections API - closes#265
* oauth2: token revocation endpoint - closes#233
* vendor: update to fosite 0.5.0
* core: add sql support #292
* connections: remove connections API - closes#265
* all: coverage report is missing covered lines of nested packages - closes#296
* cmd: prettify the `hydra token user` output - closes#281
* travis: make it possible for travis-ci to build forked repos - closes#295
* cli: key is now sha256(secret) - closes#86
* client: creating clients with predefined credentials - closes#91
* client: always autogenerate secrets when using clients create
* cli: CLI should have `-dry` option to show what the HTTP request looks like - closes#99
* cli: fix issue where tls certificate is regenerated on boot - closes#93
* cli: allow passing of tls certificates via env vars or files - closes#88
* oauth2: add offline scope for refresh tokens - closes#97
* jwk: support for x5c certificate chains - closes#92
* all: minor changes - closes#89
Kevin Goslar
zepatrik
aeneasr
Mart Aarma
naveenpaul1
Alano Terblanche
Sawada Shota
arekkas
aeneasr
Aeneas